Consensus Cloud Solutions is a publicly traded, leading digital cloud fax and interoperability solutions organization in the United States and globally, focusing on connecting and empowering healthcare providers, payers, care teams, and technology innovators to unify multiple systems that wouldn’t otherwise talk to each other. Consensus is a trailblazer in our industry and believes that data transformation will reshape the world of healthcare.
Founded over 25 years ago, Consensus leverages its technology heritage to move from simple digital documents to advanced healthcare standards (HL7/FHIR) for secure data transport, as well as Natural Language Processing (NLP) and Artificial Intelligence (AI) to convert unstructured to structured, analytics-ready data, helping users unveil information that is meaningful and actionable for better patient care.
Consensus leads the industry in data exchange solutions and we’re only getting started! With exciting new initiatives on the horizon, we are continuing our strategic expansion and we are looking to add to our diverse team of innovators.
Now is the ideal time to join us in our mission to solve healthcare’s biggest challenges, and work collaboratively with a diverse team of like-minded self-starters and partners to accomplish it.
Consensus Cloud Solutions is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive and equitable environment for all employees. We offer many remote and hybrid career opportunities.
How you will impact the organization…
The Principal Security Engineer plays a crucial role in integrating security engineering into the organization's architecture, applications, products, and services. This role ensures that security engineering is a fundamental part of the risk management, development, change, and production processes. The Principal Security Engineer collaborates with the Governance, Risk, and Compliance Team, the Program Management Office, Network Operations, Corporate IT, Product Management, and Engineering to identify and mitigate security risks, promote security awareness, and provide technical expertise, ensuring the organization's systems and data are secure. This individual also participates in security engineering activities and security operations, responding to threats and vulnerabilities, and contributes to the development of a robust security architecture.
The value you will deliver…
- Identify security risks and vulnerabilities early in the software development life cycle (SDLC) to mitigate potential threats and reduce remediation costs.
- Promote and integrate security best practices, standards, and processes into every phase of the Software Development Life Cycle (SDLC), also known as Security by Design.
- Implement security testing methodologies, including penetration testing, code and web application reviews, and the use of automated scanning tools, to identify vulnerabilities in SaaS products and services.
- Ensure SaaS products and services meet relevant security compliance standards and regulations.
- Contribute to the development and maintenance of an effective incident response plan and participate in responses to security incidents and breaches to minimize damage and ensure a return to normal operations.
- Perform continuous security monitoring and analysis to detect and respond to threats in real-time.
- Identify, assess, and remediate security vulnerabilities within the organization's systems, including prioritizing vulnerabilities based on risk and potential impact.
- Develop and uphold security policies, standards, and guidelines that align with the organization's goals and legal mandates.
- Support annual audits and compliance assessments by participating in interviews and fieldwork collection efforts.
- Contribute to the design and implementation of the organization's security architecture, including network, cloud, application, and infrastructure security.
- Assist in identifying, selecting, and implementing security tools and technologies that align with the organization's security architecture (e.g., firewalls, intrusion detection systems, encryption solutions, and identity management systems).
- Provide guidance and expertise to GRC, development, and IT teams on designing and implementing secure systems, helping them make informed decisions about technology and architecture choices that prioritize security.
- Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.
What you will bring to the table…
- 6+ years of experience in Software Development or Information Technology.
- 6+ years of experience with manual web application testing by proxy tools such as OWASP ZAP and Burp Suite.
- 6+ years of experience with SIEM platforms.
- 4+ years of experience in Web or Mobile application security testing.
- 3+ years of experience in Secure SDLC (Software Development Life Cycle).
- 3+ years of experience with AWS cloud technologies.
- Proficiency in designing and implementing secure network architectures, including firewalls, intrusion detection/prevention systems, and VPNs.
- Expertise in securing software applications, including secure coding practices, web application firewalls, and secure development life cycle (SDLC) processes.
- Understanding of cloud security principles, including configuring and securing cloud environments, and familiarity with major cloud service providers (e.g., AWS, Azure, Google Cloud).
- Knowledge of security architecture principles and the ability to design and implement security solutions for complex infrastructures.
- Skill in managing user identities, access controls, and authentication mechanisms.
- Understanding of encryption techniques and protocols, including data encryption at rest and in transit.
- Familiarity with security assessment and penetration testing tools, such as Nessus, Burp Suite, and Metasploit.
- Knowledge of vulnerability scanning tools and processes.
- Proficiency in using incident response tools and technologies.
- Ability to review source code for security vulnerabilities and provide remediation guidance.
- Skill in analyzing network traffic and packets to detect and respond to security threats.
- Understanding of security policies, standards, and regulatory compliance requirements (e.g., GDPR, HIPAA, PCI DSS).
- Knowledge of securing various operating systems, including Windows, Linux, and Unix.
- Expertise in database security, including access controls, encryption, and best practices.
- Understanding of mobile device security, including mobile app security and Mobile Device Management (MDM) solutions.
- Ability to leverage data analytics and machine learning techniques for threat detection and analysis.
- Skill in implementing network segmentation strategies.
- Experience in developing and implementing patch management processes.
- Skill in integrating security practices into DevOps pipelines and automation tools.
- Experience in implementing and managing MDM solutions.
- Ability to contribute to a comprehensive security strategy that aligns with organizational goals and addresses emerging threats.
- Proficiency in integrating security practices and principles into the SDLC and product design process.
- Skill in designing and implementing secure architecture for networks, systems, and applications.
- Experience in security monitoring, incident response, and vulnerability management.
- Knowledge of security practices that align with industry standards and regulatory requirements.
- Ability to identify, assess, and prioritize security risks and implement mitigation strategies.
- Experience in conducting or participating in penetration testing, code reviews, and security assessments.
- Skill in responding to security incidents, including investigation, containment, and recovery.
- Familiarity with security tools and technologies to enhance security posture.
- Experience in security auditing and reporting.
- Ability to stay informed about emerging cybersecurity threats and incorporate threat intelligence into security strategies.
- Strong technical understanding of cybersecurity technologies, protocols, and trends.
- Holding relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH) that are active and in good standing.
You will stand out if you also have…
- Bachelor's degree in computer science, information technology, cybersecurity, or equivalent experience.
- A master's degree may be preferred.
- Typically 5+ years of experience in cybersecurity and information security roles.
- Proven experience in security architecture, security operations, and integrating security into software development processes.
- Proficiency in various cybersecurity technologies and tools, including network security, application security, cloud security, and encryption.
- Hands-on experience with security assessment and penetration testing tools.
- Familiarity with security information and event management (SIEM) systems.
- Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure, and GCP.
- Active, transferable U.S. security clearance at the Public Trust level or higher preferred.
Additional details…
- Location requirements: Fully remote within the U.S. (Los Angeles or Las Vegas preferred.)
- Travel requirements: Up to 10% travel. (We will also indicate whether that travel will be international or solely domestic and whether or not they need a reliable source of transportation, valid driver’s license, etc.)
- Physical requirements: Must be able to sit for long periods as well as handle long periods of screen time.
- Technology requirements: Reliable, high-speed internet
- Eligible for sponsorship: No
- Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government is required
The salary range for this role is $145,000-$155,000 USD annually. The total compensation package for this position is negotiable and may also include an annual performance bonus, ESPP, enhanced time off packages and benefits. This job doesn't have an expiration date and will remain open until a qualified candidate is hired.
We are not accepting agency submissions for this role.
To learn more about us, visit consensus.com.